Re: [PATCH] proc: use vmalloc for our kernel buffer

2020-08-13 Thread Josef Bacik
On 8/13/20 12:19 PM, David Laight wrote: From: Josef Bacik Sent: 13 August 2020 15:53 sysctl: pass kernel pointers to ->proc_handler we have been pre-allocating a buffer to copy the data from the proc handlers into, and then copying that to userspace. The problem is this just blind

Re: [PATCH] proc: use vmalloc for our kernel buffer

2020-08-13 Thread Al Viro
On Thu, Aug 13, 2020 at 04:19:27PM +, David Laight wrote: > From: Josef Bacik > > Sent: 13 August 2020 15:53 > > > > sysctl: pass kernel pointers to ->proc_handler > > > > we have been pre-allocating a buffer to copy the data from the proc > > handlers into, and then copying that to

RE: [PATCH] proc: use vmalloc for our kernel buffer

2020-08-13 Thread David Laight
From: Josef Bacik > Sent: 13 August 2020 15:53 > > sysctl: pass kernel pointers to ->proc_handler > > we have been pre-allocating a buffer to copy the data from the proc > handlers into, and then copying that to userspace. The problem is this > just blind kmalloc()'s the buffer size passed in

Re: [PATCH] proc: use vmalloc for our kernel buffer

2020-08-13 Thread Josef Bacik
On 8/13/20 10:59 AM, Matthew Wilcox wrote: On Thu, Aug 13, 2020 at 10:53:05AM -0400, Josef Bacik wrote: +/** + * vmemdup_user - duplicate memory region from user space and NUL-terminate vmemdup_user_nul() +void *vmemdup_user_nul(const void __user *src, size_t len) +{ + void *p; + +

Re: [PATCH] proc: use vmalloc for our kernel buffer

2020-08-13 Thread Matthew Wilcox
On Thu, Aug 13, 2020 at 10:53:05AM -0400, Josef Bacik wrote: > +/** > + * vmemdup_user - duplicate memory region from user space and NUL-terminate vmemdup_user_nul() > +void *vmemdup_user_nul(const void __user *src, size_t len) > +{ > + void *p; > + > + p = kvmalloc(len, GFP_USER);
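Review bot: the allocation `p = kvmalloc(len, GFP_USER);` in vmemdup_user_nul() asks for exactly len bytes, while the kernel-doc above it says the helper NUL-terminates the copy. The rest of the function is cut off in this excerpt, but a terminator stored at p[len] would land one byte past the allocation, so the size should be len + 1, with len checked first so the addition cannot wrap. The kernel-doc summary line also names vmemdup_user rather than vmemdup_user_nul and should match the function it documents.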

[PATCH] proc: use vmalloc for our kernel buffer

2020-08-13 Thread Josef Bacik
Since sysctl: pass kernel pointers to ->proc_handler we have been pre-allocating a buffer to copy the data from the proc handlers into, and then copying that to userspace. The problem is this just blind kmalloc()'s the buffer size passed in from the read, which in the case of our 'cat' binary